Like GI Joe always said: Knowing is half the battle… And so it is the same with hacking.
One of the first parts of recon in a pentest is gathering valid login names and emails. We can use these to profile our target, bruteforce authentication systems, send client-side attacks (through phishing), look through social networks for juicy info on platforms and technologies, etc.
Where do we get this info? Well, without doing a full-blown Open Source Intelligence (OSINT) style assessment, we can use two simple scripts: Metasploit's search_email_collector.rb and Edge-Security's theHarvester.
theHarvester (luckily for us) just updated to v1.5 and has now fixed some of its previous bugs with searching Bing and LinkedIn. It supports searching Google, Bing, PGP servers, and LinkedIn. Metasploit, under modules/auxiliary/gather, has search_email_collector.rb and uses similar techniques for Google, Bing, and Yahoo.
The quick usage example below identifies some users.
P.S. You can run search_email_collector as a one-liner in msfcli like so:
ruby /framework3/msfcli auxiliary/gather/search_email_collector DOMAIN=your_target_domain OUTFILE=output_file_you_want_results_in E
An example wrapper for these two tools is at the end of this post.
zombie@haktop:/tools/email/theHarvester# ./theHarvester.py -d defcon.com -b google -l 500
*************************************
*TheHarvester Ver. 1.5 *
*Coded by Christian Martorella *
*Edge-Security Research *
*cmartorella@edge-security.com *
*************************************
Searching for defcon.com in google :
======================================
Total results: 462000
Limit: 500
Searching results: 0
Searching results: 100
Searching results: 200
Searching results: 300
Searching results: 400
Accounts found:
====================
quietpro@defcon.com
nick.s@defcon.com
robert@defcon.com
lynne@defcon.com
@defcon.com
joe@defcon.com
info@defcon.com
dtangent@defcon.com
====================
And search_email_collector.rb usage here:
Running MSF search_email_collector...
[*] Please wait while we load the module tree...
[*] Harvesting emails .....
[*] Searching Google for email addresses from defcon.com
[*] Extracting emails from Google search results...
[*] Searching Bing email addresses from defcon.com
[*] Extracting emails from Bing search results...
[*] Searching Yahoo for email addresses from defcon.com
[*] Extracting emails from Yahoo search results...
[*] Located 7 email addresses for defcon.com
[*] headsets@defcon.com
[*] info@defcon.com
[*] jobs@defcon.com
[*] nick.s@defcon.com
[*] nick@defcon.com
[*] robert@defcon.com
[*] spr@defcon.com
We can wrap both of these with a quick (albeit dirty) bash script (this example uses Backtrack paths):
#!/bin/bash
# Usage: pass the target domain as the first argument.
if [ -z "$1" ]; then
    echo "Usage: $0 <domain>" >&2
    exit 1
fi
out="${1}_emails.txt"
echo "Running MSF search_email_collector..."
echo
# msfcli writes its results to OUTFILE.
ruby /pentest/exploits/framework3/msfcli auxiliary/gather/search_email_collector DOMAIN="$1" OUTFILE="$out" E
echo
echo "Running theHarvester on Google, BING, MSN, PGP..."
echo
# Append theHarvester's output for each source to the same file.
python /pentest/enumeration/google/theharvester/theHarvester.py -d "$1" -b google -l 500 >> "$out"
python /pentest/enumeration/google/theharvester/theHarvester.py -d "$1" -b msn -l 500 >> "$out"
python /pentest/enumeration/google/theharvester/theHarvester.py -d "$1" -b pgp >> "$out"
# Keep only lines with an address, drop theHarvester's banner address, and sort.
# Go through a temporary file: redirecting straight back into the input file
# truncates it before grep has read it.
grep @ "$out" | grep -v @edge-security.com | sort > "$out.tmp" && mv "$out.tmp" "$out"
echo
echo "Searching for LinkedIn profiles with theHarvester..."
python /pentest/enumeration/google/theharvester/theHarvester.py -d "$1" -b linkedin -l 40 >> "$out"
echo
echo "Finishing... E-mail Results:"
echo
cat "$out"
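The sample runs above show why a plain "grep @" is not enough: theHarvester emits its banner address and an empty-local-part entry ("@defcon.com"), msfcli prefixes each hit with "[*]", and the two lists overlap. The following is an added example, not part of the original post, that normalises the combined output into one clean list, e.g. when reviewing which addresses of your own domain are publicly indexed; the function name clean_emails and the example.com sample data are constructed here.

```shell
#!/bin/sh
# Added example (not from the original post): normalise the combined
# output of theHarvester and msfcli into one clean address list.
# clean_emails is a name chosen here; the sample data is constructed.

# clean_emails DOMAIN: read raw tool output on stdin, print unique,
# lower-cased addresses that belong exactly to DOMAIN.
clean_emails() {
    ce_domain=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    # Escape dots so the domain is matched literally, not as a regex.
    ce_re=$(printf '%s' "$ce_domain" | sed 's/\./\\./g')
    tr '[:upper:]' '[:lower:]' |
        # -o keeps only the address, dropping "[*] " prefixes and banner
        # decoration; at least one local-part character is required, so
        # a bare "@domain" entry never matches.
        grep -Eo '[a-z0-9._%+-]+@[a-z0-9.-]+' |
        sed 's/\.$//' |                # strip a trailing sentence full stop
        grep -E "@${ce_re}\$" |        # exact domain: no subdomains, no banner
        LC_ALL=C sort -u               # the two tools overlap heavily
}

# Constructed sample mirroring the two output formats shown above.
SAMPLE=$(cat <<'EOF'
*cmartorella@edge-security.com *
Accounts found:
====================
alice@example.com
Bob.Smith@example.com
@example.com
info@example.com
====================
[*] Located 3 email addresses for example.com
[*] info@example.com
[*] alice@example.com
[*] jobs@example.com
carol@mail.example.com
EOF
)

printf '%s\n' "$SAMPLE" | clean_emails example.com
```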